CVE-2011-2503 in systemtapinfo

Summary

The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

06/15/2011

Disclosure

07/26/2012

Moderation

VulDB entry created

Entries

1: VDB-61433

CPE

ready

CWE

CWE-20 (Confirmed)

CVSS

4.9

EPSS

0.00112

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-2503
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2503
CVE Details	https://www.cvedetails.com/cve/CVE-2011-2503/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!